Stefano: Thanks for pointing out. I was looking at the older version of the SMTP RFC. I will let you know once the code is ready. Ken
Stefano Bagnara <[EMAIL PROTECTED]> wrote: Ken Lin wrote: > Stefano: > I went ahead and tested a few other ISP and corporation's email. It seems > when SMTP authentication is not established, many directly reject any mail > with sender containing the designated domain name. Here are the servers I > tested that rejected all spoof: > > Mail ISP: > Gmail: gsmtp183.google.com I just sent a mail from one of my gmail account to another of my gmail account using their smtp server without authentication and I have been succesfull. You're probably missing something in the tests, or I don't understand what are you testing. [edentist][/var/log]$ telnet gsmtp163.google.com 25 Trying 64.233.163.27... Connected to gsmtp163.google.com. Escape character is '^]'. 220 mx.gmail.com ESMTP 38si1843438nzk ehlo pippo.com 250-mx.gmail.com at your service 250-SIZE 20971520 250-8BITMIME 250 ENHANCEDSTATUSCODES mail from: 250 2.1.0 OK rcpt to: 250 2.1.5 OK data 354 Go ahead Subject: test body . 250 2.0.0 OK 1141947204 38si1843438nzk quit 221 2.0.0 mx.gmail.com closing connection 38si1843438nzk Connection closed by foreign host. And I succesfully received the message. I don't test all the other servers because there is obviously a misunderstanding in this conversation. > Just to make sure that the code change won't violate the RFC, can you let > me know the RFC number and section number that mandates any email from > @xyz.com can be sent to [EMAIL PROTECTED] without SMTP authentication? I > looked at the following two RFCs from the IETF site and couldn't find this > mandate: > SMTP RFC (821): http://www.ietf.org/rfc/rfc0821.txt > SMTP authentication RFC (2554): http://www.ietf.org/rfc/rfc2554.txt RFC 2821 - Simple Mail Transfer Protocol 4.5.1 Minimum Implementation Any system that includes an SMTP server supporting mail relaying or delivery MUST support the reserved mailbox "postmaster" as a case- insensitive local name.This postmaster address is not strictly necessary if the server always returns 554 on connection opening (as described in section 3.1). The requirement to accept mail for postmaster implies that RCPT commands which specify a mailbox for postmaster at any of the domains for which the SMTP server provides mail service, as well as the special case of "RCPT TO: " (with no domain specification), MUST be supported. SMTP systems are expected to make every reasonable effort to accept mail directed to Postmaster from any other system on the Internet. In extreme cases --such as to contain a denial of service attack or other breach of security-- an SMTP server may block mail directed to Postmaster. However, such arrangements SHOULD be narrowly tailored so as to avoid blocking messages which are not part of such attacks. Stefano --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------- Yahoo! Mail Bring photos to life! New PhotoMail makes sharing a breeze.
